Things I Hearted this Week, 27th April 2018

Get the latest security news in your inbox.

Master Keys

F-Secure researchers have found that global hotel chains and hotels worldwide are using an electronic lock system that could be exploited by an attacker to gain access to any room in the facility. The design flaws discovered in the lock system’s software, which is known as Vision by VingCard and used to secure millions of hotel rooms worldwide, have prompted the world’s largest lock manufacturer, Assa Abloy, to issue software updates with security fixes to mitigate the issue.

SEC Fines Yahoo $35 Million

The company formerly known as Yahoo is paying a $35 million fine to resolve federal regulators’ charges that the online pioneer deceived investors by failing to disclose one of the biggest data breaches in internet history.

The Securities and Exchange Commission announced the action Tuesday against the company, which is now called Altaba after its email and other digital services were sold to Verizon Communications for $4.48 billion last year. Yahoo, which is no longer publicly traded, neither admitted nor denied the allegations but did agree to refrain from further violations of securities laws.

SOCs require automation to avoid analyst fatigue for emerging threats

SecOps needs an immediate shift across industries. Some SecOps teams develop playbooks for an additional layer of training, but when security events occur, it is uncommon to follow every step a playbook describes. The data becomes overwhelming and the resulting alert fatigue leads to analysts overlooking threats entirely, leading to an increase in emerging threats.

Hackers Steal Data on 14 Million Users From Ride-Hail App Careem

The personal data of up to 14 million people in the Middle East, North Africa, Pakistan and Turkey has been stolen by online criminals in a cyber-attack on the systems of Dubai ride sharing platform Careem.

On January 14, the company detected the breach in the computer systems which hold the account data of customers and captains – or drivers – in 78 cities in 13 countries. Names, email addresses, phone numbers, as well as trip data was stolen.

Muhstik botnet exploits highly critical Drupal bug

Researchers are warning a recently discovered and highly critical vulnerability found in Drupal’s CMS platform is now being actively exploited by hackers who are using it to install cryptocurrency miners and to launch DDoS attacks via compromised systems. At the time of the disclosure, last month, researchers said they were not aware of any public exploits.

Cops used dead man’s finger in attempt to access his phone

In a case of, yes, it’s legal, but is it appropriate? Especially when the deceased was shot and killed by a police officer in that same department.

"While the deceased person doesn’t have a vested interest in the remains of their body, the family sure does, so it really doesn’t pass the smell test," said Charles Rose, professor and director of the Center for Excellence in Advocacy at Stetson University College of Law. "There’s a ghoulish component to it that’s troubling to most people."

About the Author:Javvad MalikThe man, the myth, the blogger; Javvad Malik is a London-based IT Security professional. Better known as an active blogger, event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.
Read more posts from Javvad Malik ›